xmrig

First submission 2024-09-03 12:28:04

File details

File type: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=989c8e3124a392451d99d52d4ffe7c9e75b887f2, stripped
Mime type: application/x-executable
File size: 8091.23 KB (8285424 bytes)
MD5: 7429d24207b100f6c164bf4703b5941e
SHA1: a7fad4de1ce0ed2c137c09d4bf9fe7276555f4a0
SHA256: 72ac2877c9e4cd7d70673c0643eb16805977a9b8d55b6b2e5a6491db565cee1f

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 42/79
VT report date: 2024-08-29 10:15:04
Malware Type (3): miner, trojan, pua
Threat Type (3): malxmr, nezaa, usblea24

URLs, FQDN and IP indicators 1

URL: hXXp://144.34.162.13/xmrig
Host (FQDN/IP): 144.34.162.13
Date Added: 2024-09-03 12:28:04

Strings analysis - File found

Executable: lib%s.so
XML: topology.xml

Strings analysis - Possible IPs found 25

Strings analysis - Possible URLs found 7

https://gcc.gnu.org/bugsrg/bugs/):
https://xmrig.com/wizard
https://xmrig.com/docs/algorithms
http://
https://xmrig.com/benchmark/%s
https://
http://%s